Omni Skills

I try every AI tool. My skills scattered everywhere. This unifies them.

A CLI + MCP server that takes the skills you've collected across all your AI coding tools and unifies them into a single canonical store. Then it syncs them into every tool you use — Claude, Codex, Kimi, Gemini, Cursor, Zed, Cline, Z.AI, and anything else that follows.

The Problem This Solves

I am that person who installs every new AI coding tool the day it drops. Claude Code, Codex, Gemini CLI, Kimi, Cursor, Cline, Continue.dev, Zed — I have tried them all. And each one wanted its own instruction file, its own skill directory, its own configuration.

This is what my system looked like before:

Every tool had a piece of my knowledge. No tool had the full picture. The more tools I tried, the more fragmented my setup became.

What This Toolkit Does

Omni Skills is a single-purpose tool: it finds all the skills and instruction files you've accumulated, puts them in one place, and wires them into every AI tool you use.

# One canonical store. Every tool sees it.
omni-skills sync all   # Claude, Codex, Kimi, Gemini, Cursor, Cline, Zed, etc.

Three Portability Tiers

The MCP Server

Every AI tool that supports MCP registers this server and can call:

// list_skills — discover what's available
{
  "name": "list_skills",
  "result": [
    {"name": "clean-code", "description": "Pragmatic coding standards..."},
    {"name": "refine-requests", "description": "Refine a task by comparing acceptance criteria..."}
  ]
}

// read_skill — load the full instructions before acting
{
  "name": "read_skill",
  "arguments": {"name": "systematic-debugging"},
  "result": "# Systematic Debugging\n\nNO FIXES WITHOUT ROOT CAUSE..."
}

Skills are discovered from your private skill repos, live-reloaded when files change, and exposed as both tools and prompts.

Quick Start

Install

Choose one of the following. Native binaries do not require Node.js.

npm

npm install -g ai-omni-skills

Every release is published with npm provenance — verifiably linked to a GitHub commit and GitHub Actions workflow.

macOS / Linux (Homebrew)

brew tap moatazhamada/tap
brew install omni-skills

Windows (Winget)

winget install omni-skills

GitHub Releases

Download the binary for your platform from the releases page and place it in your PATH.

Prerequisites

You need your own private repository for your skills. This toolkit does not include skills — it connects the skills you already have to every AI tool you use.

# 1. Clone this toolkit (the code, not the skills)
git clone https://github.com/YOURUSER/ai-omni-skills.git
cd ai-omni-skills
npm link

# 2. Run the auto-scan setup
omni-skills setup
# Auto-detects your installed AI tools, finds your skill directories,
# suggests cleanup, and generates ~/.config/skills/config.json

# 3. Sync to every AI tool
omni-skills sync all

# 4. Verify health
omni-skills doctor

# 5. Run the verification suite
node verify.js

Setup Flags

# Override defaults without questions
omni-skills setup --public=~/my-skills-public --private=~/my-skills-private
omni-skills setup --toolkit=/path/to/this/repo

26 Supported AI Tools

¹ Z.AI works through existing tools. Point Claude Code, Cline, or Zed at the GLM Coding Plan endpoint. For VS Code Copilot, install the glm-copilot extension.

Tools with MCP support get the skills MCP server registered automatically. Tools with skills directories get symlinks to all your canonical skills.

The omni-skills CLI

Workflows

Chain skills together into repeatable sequences. A workflow is a named list of skills that execute in order — like a playbook for common tasks.

# List all workflows
omni-skills workflow list

# Run a workflow
omni-skills workflow run release-prep
omni-skills workflow run advanced-feature-dev

Simple Workflow (linear)

---
name: release-prep
description: Lint, test, and commit before release
steps:
  - lint-and-validate
  - testing-patterns
  - commit-suggest
---

Advanced Workflow (loops, conditions, parallel)

---
name: advanced-feature-dev
description: Full feature development with quality gates
goal: "Feature is specified, implemented, tested, and committed"
steps:
  - skill: refine-requests
    goal: "Requirements are clear and have acceptance criteria"
    max_retries: 2

  - loop:
      goal: "Specification is approved"
      until: "user says approved"
      max_iterations: 3
      steps:
        - skill: speckit-specify
        - skill: speckit-checklist

  - condition:
      check: "spec is complex (more than 5 requirements)"
      then:
        - skill: speckit-plan
      else:
        - skill: speckit-tasks

  - skill: speckit-implement
    goal: "All tasks are implemented"

  - parallel:
      goal: "All quality checks pass"
      branches:
        - steps:
            - skill: lint-and-validate
        - steps:
            - skill: testing-patterns
        - steps:
            - skill: speckit-analyze

  - skill: speckit-git-commit
    goal: "Clean commit with good message"
---

Step types:

Workflow features:

• Goals: Every step has a clear "done" condition
• Loops: Repeat refinement cycles until you approve
• Conditions: Adapt to complexity — simple features skip heavy planning
• Parallel: Quality checks run together, not one-by-one
• Retries: Auto-retry flaky steps before giving up

Workflows live in your private repo under workflows/ — they are personal, not shared.

🔒 Security Scanning (NVIDIA SkillSpector)

Research shows 26.1% of AI skills contain vulnerabilities and 5.2% show likely malicious intent. Omni Skills integrates with NVIDIA SkillSpector to scan your skills before you install them.

SkillSpector detects 64 vulnerability patterns across 16 categories:

• Prompt injection, data exfiltration, privilege escalation
• Supply chain attacks, malware, credential harvesting
• Excessive agency, tool misuse, system prompt leakage

Quick Start

# Check SkillSpector status
omni-skills security

# Scan all skills in your canonical store
omni-skills security scan

# Scan without LLM (faster, static analysis only)
omni-skills security scan --no-llm

# Scan a specific skill directory
omni-skills security scan ~/my-skills-private/clean-code

Install SkillSpector

git clone https://github.com/NVIDIA/skillspector.git
cd skillspector
python3 -m venv .venv && source .venv/bin/activate
pip install -e .

Or use Docker:

docker run --rm -v "$PWD:/scan" ghcr.io/nvidia/skillspector scan /scan

✨ Creating New Skills

Instead of creating skills through an agent and then moving them, create them directly:

# Interactive wizard
omni-skills create

# With name and description
omni-skills create refine-requests "Refine ticket acceptance criteria"

# Convert an existing file into a skill
omni-skills create from ./my-instructions.md

# Then index and sync
omni-skills index
omni-skills sync all

This creates a SKILL.md with proper frontmatter in your private skills store.

How to Store Your Skills

This toolkit is code only. Your skills live in a separate repository (or two) that you control.

Recommended Structure

# Your private skills repository (never published)
~/my-skills-private/
  ├── SHARED.md                    ← Generated shared instructions
  ├── INDEX.md                     ← Generated skill index
  ├── config.json                  ← Toolkit configuration
  │
  ├── clean-code/SKILL.md
  ├── systematic-debugging/SKILL.md
  ├── refine-requests/SKILL.md
  ├── codebase-memory/SKILL.md
  ├── mobile-ui-patterns/SKILL.md
  ├── dependency-updates/SKILL.md
  ├── build-optimizer/SKILL.md
  └── ... (all your skills)
  │
  ├── projects/                     ← Per-project instruction files
  │   ├── project-alpha/AGENTS.md
  │   ├── project-beta/AGENTS.md
  │   └── project-gamma/
  │       ├── Core Rules.md
  │       └── Core Rules Compact.md
  │
  ├── workflows/                     ← Chainable skill sequences
  │   ├── release-prep/WORKFLOW.md
  │   ├── feature-dev/WORKFLOW.md
  │   └── debug-trace/WORKFLOW.md
  │
  └── large-projects/
      └── project-gamma/
          └── ensure_symlinks.sh

Why Private?

Your skills are personal — they contain:

• Your coding style and preferences
• Your project's internal conventions and architecture
• Your proprietary workflows and domain knowledge
• Your private project structures

No one needs to see your refine-requests skill or your review-feedback workflow. The toolkit is public because it is generic infrastructure. The skills are private because they are your intellectual property.

How I Use This (Real Stats)

My personal setup — after unifying:

Weekly Health Check

A scheduled cron job runs omni-skills doctor every Sunday morning to catch drift before it becomes a problem:

omni-skills doctor    # Check all symlinks, config, indexes
omni-skills check     # Scan for orphaned skills
omni-skills report    # Usage stats and improvement tips

Verification

Before trusting the system, verify it:

node verify.js
# === Skills Ecosystem Verification ===
# [config]        ✓ loads successfully
# [skill paths]   ✓ 2 paths exist
# [skills scan]   ✓ 49 skills found, no duplicates
# [skill files]   ✓ all files valid
# [SHARED.md]     ✓ exists
# [instruction]   ✓ 6 symlinks + 1 regular valid
# [skills dirs]   ✓ 4 tools, 49 skills each, all healthy
# [MCP configs]   ✓ 7 tools, all have skills server
# ✓ ALL CHECKS PASSED (24 passed)

Tests

npm test

14 tests, Node's built-in runner, no extra dependencies. Covers:

• sensitive.js — denylist detection (company names, ticket IDs, API keys, internal URLs)
• fs-utils.js — symlink management, managed block insertion/updates
• skills.js — skill scanning, frontmatter parsing, hidden directory filtering

CI runs on every push via GitHub Actions.

License

MIT — see LICENSE.

Star & Contribute

If this tool helps you, give it a star ⭐

Found a bug? Want a new feature? Have a question?

• Open an issue — bug reports, feature requests, questions
• Open a discussion — ideas, show-and-tell, Q&A
• Open a PR — contributions welcome

Author: Moataz Mohamed · GitHub · npm

Built by someone who tries every new AI tool and got tired of watching their skills fragment across 18 projects. If you also have a .claude/, .kimi/, .codex/, .gemini/, .cursor/, and .kilocode/ directory on the same machine, this is for you.